我的php代码有这个密码散列。如果用户是新用户,我想将用户重定向到edit_password.php。我用他们的用户名创建了默认帐户,默认密码是admin。密码是我重定向的基础。但我对如何使用我的代码感到困惑,请检查我的代码,谢谢。 这是我的代码:
<?php
require("common.php");
$submitted_username = '';
if(!empty($_POST))
{
$query = "
SELECT
id,
username,
password,
salt,
email
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$login_ok = false;
$row = $stmt->fetch();
if($row)
{
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password']) // <---- i want to insert some code here like if($check_password === $row['password'] || 'admin') to redirect new users. but i dont know how to.
{
$login_ok = true;
}
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
header("Location: index.php");
die("Redirecting to: index.php");
}
else
{
echo("<font color=red>Login Failed.</font>");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
}
}
?>
提前致谢。
答案 0 :(得分:1)
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
if($_POST['password'] === "admin")
{
header("");
}
else
{
header("Location: index.php");
die("Redirecting to: index.php");
}
}
一旦验证了用户,就可以进行简单的条件检查。